Re: Firefox Problems

Incoming from Camilo Reyes:
> Hi All, just gave NetBSD a shot and I must say I like the
> streamlined simplicity and flexibility in the design so far. The

Me too, and the quality of the posts to this list, as well. Great
reading.

> problem I'm having while installing firefox is this error:
>
> => Bootstrap dependency digest>=20010302: found digest-20080510
> ===> Checking for vulnerabilities in firefox-2.0.0.14
> Package firefox-2.0.0.14 has a remote-system-access vulnerability, see:
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2785
> Package firefox-2.0.0.14 has a memory-corruption vulnerability, see:
> http://www.mozilla.org/security/announce/2008/mfsa2008-21.html
> Package firefox-2.0.0.14 has a arbitrary-code-execution vulnerability, see:
> http://www.mozilla.org/security/announce/2008/mfsa2008-25.html
> Package firefox-2.0.0.14 has a arbitrary-code-execution vulnerability, see:
> http://www.mozilla.org/security/announce/2008/mfsa2008-33.html
> ERROR: Define ALLOW_VULNERABLE_PACKAGES in mk.conf or IGNORE_URLS in
> audit-packages.conf(5) if this package is absolutely essential.
> *** Error code 1
>
> Stop.
> make: stopped in /usr/pkgsrc/www/firefox

Caveat, I'm very new to NetBSD.

> It seems Firefox has some built-in holes in it, which makes me think
> twice before installing it. Should I install it anyway? Or find an
> alternative, if so, which one?

It looks to me that it's just obeying your security settings. If your
machine can stand to use potentially vulnerable packages, fix your
config file to allow it. I'd go look at the bug reports and see if
they're anything I need to worry about. I.e., if you're behind a router,
they may be irrelevant to you.

If it can't stand to run a buggy firefox (i.e., a server), I don't
think I'd have X on it at all, much less FF.

--
Any technology distinguishable from magic is insufficiently advanced.
(*)
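
An added example, not part of the original thread: a small Python helper that turns the vulnerability-check output quoted above into a per-type list of advisory URLs to read before deciding whether to set ALLOW_VULNERABLE_PACKAGES or IGNORE_URLS. The function names `parse_findings` and `review_list` are hypothetical, and the sample input is the build log as quoted in the message, mail quoting included.

```python
import re

FINDING = re.compile(r"Package (\S+) has an? (\S+) vulnerability, see:\s*(\S+)?")

# Sample input: the vulnerability-check lines as quoted in the message above.
SAMPLE = """\
> ===> Checking for vulnerabilities in firefox-2.0.0.14
> Package firefox-2.0.0.14 has a remote-system-access vulnerability, see:
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2785
> Package firefox-2.0.0.14 has a memory-corruption vulnerability, see:
> http://www.mozilla.org/security/announce/2008/mfsa2008-21.html
> Package firefox-2.0.0.14 has a arbitrary-code-execution vulnerability, see:
> http://www.mozilla.org/security/announce/2008/mfsa2008-25.html
> Package firefox-2.0.0.14 has a arbitrary-code-execution vulnerability, see:
> http://www.mozilla.org/security/announce/2008/mfsa2008-33.html
> ERROR: Define ALLOW_VULNERABLE_PACKAGES in mk.conf or IGNORE_URLS in
> audit-packages.conf(5) if this package is absolutely essential.
"""

def parse_findings(log):
    """Return (findings, blocked); findings is a list of (package, type, url)."""
    # Drop mail quoting ("> ") so a pasted list post parses like a raw build log.
    lines = [re.sub(r"^(>\s?)+", "", ln).strip() for ln in log.splitlines()]
    findings, blocked = [], False
    for i, line in enumerate(lines):
        if line.startswith("ERROR:") and "ALLOW_VULNERABLE_PACKAGES" in line:
            blocked = True  # the check stopped the build
        m = FINDING.search(line)
        if not m:
            continue
        url = m.group(3)
        # The advisory URL may have been wrapped onto the following line.
        if url is None and i + 1 < len(lines) and lines[i + 1].startswith("http"):
            url = lines[i + 1]
        findings.append((m.group(1), m.group(2), url))
    return findings, blocked

def review_list(findings):
    """Group advisory URLs by vulnerability type, most findings first."""
    by_type = {}
    for _pkg, vtype, url in findings:
        by_type.setdefault(vtype, []).append(url)
    return sorted(by_type.items(), key=lambda kv: (-len(kv[1]), kv[0]))

if __name__ == "__main__":
    findings, blocked = parse_findings(SAMPLE)
    print("build blocked by vulnerability check:", blocked)
    for vtype, urls in review_list(findings):
        print(f"{vtype} ({len(urls)}):", *urls, sep="\n    ")
```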